CVE-2020-24360

Exploit

EPSS 0.1%
Published 28.12.2020 19:15:12
Last modified 21.11.2024 05:14:39
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Arista ≫ Eos Version >= 4.22.0f <= 4.22.6m

   Arista ≫ 7280cr2ak-30 Version-
   Arista ≫ 7280cr2k-60 Version-
   Arista ≫ 7280cr3-32d4 Version-
   Arista ≫ 7280cr3-32p4 Version-
   Arista ≫ 7280cr3-96 Version-
   Arista ≫ 7280cr3k-32d4 Version-
   Arista ≫ 7280cr3k-32p4 Version-
   Arista ≫ 7280cr3k-96 Version-
   Arista ≫ 7280dr3-24 Version-
   Arista ≫ 7280dr3k-24 Version-
   Arista ≫ 7280pr3-24 Version-
   Arista ≫ 7280pr3k-24 Version-
   Arista ≫ 7280sr3-48yc8 Version-
   Arista ≫ 7280sr3k-48yc8 Version-
   Arista ≫ 7500r3-24d Version-
   Arista ≫ 7500r3-24p Version-
   Arista ≫ 7500r3-36cq Version-
   Arista ≫ 7500r3k-36cq Version-
   Arista ≫ 7504r3 Version-
   Arista ≫ 7508r3 Version-
   Arista ≫ 7512r3 Version-
   Arista ≫ 7800r3-36p Version-
   Arista ≫ 7800r3-48cq Version-
   Arista ≫ 7800r3k-48cq Version-
   Arista ≫ 7804r3 Version-
   Arista ≫ 7808r3 Version-

Arista ≫ Eos Version >= 4.23.0f <= 4.23.4m

Arista ≫ Eos Version >= 4.24.0f <= 4.24.2.4f

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.249

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.4	2.8	4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-24360

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24360

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24360

EUVD